CVSS: 7.5EPSS: 4%CPEs: 2EXPL: 3CVE-2009-3822 – Joomla! Component Ajax Chat 1.0 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2009-3822
PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php. Vulnerabilidad de subida de archivos sin restricción en el componente Fiji Web Design Ajax Chat (com_ajaxchat) v1.0 para Joomla! permite a atacantes remotos ejecutar código PHP de su elección a través de URL en el parámetro GLOBALS[mosConfig_absolute_path] en tests/ajcuser.php. • https://www.exploit-db.com/exploits/9888 http://secunia.com/advisories/37087 http://www.packetstormsecurity.org/0910-exploits/joomlaajaxchat-rfi.txt http://www.securityfocus.com/bid/36731 http://www.vupen.com/english/advisories/2009/2968 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2009-2400 – Joomla! Component com_php - 'id' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-2400
SQL injection vulnerability in the PHP (com_php) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. Vulnerabilidad de inyección de SQL en el componente PHP (com_php) para Joomla! permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro id en index.php. • https://www.exploit-db.com/exploits/9028 http://www.exploit-db.com/exploits/9028 http://www.securityfocus.com/bid/35515 http://www.vupen.com/english/advisories/2009/1732 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •